Subscribe to Email Updates

Subscribe

hand-1248053_1920

Fewer Security Incidents Affected US Federal Government in 2019

By Silviu Stahie on Jun 04, 2020 | 0 Comments

The latest report from the White House's Office of Management and Budget (OMB) shows that the number of cybersecurity incidents dropped in 2019, partly due to better security programs and increased investments. 

The US government is always a target for cybercriminals, including everything from rogue hackers to nation states. Whatever the cause, protection of critical infrastructure and state departments is ensured by a host of agencies that keep a close eye on security incidents.

According to the report submitted by OMB to Congress, it turns out that the total number of security incidents fell 8% in 2019, to 28,581 from 31,107 in 2018. Keep in mind that security incidents don't mean successful intrusions, but a host of infractions that could be as minor as poor password management discovered during an audit. 

"The decline in incidents is correlated with the continued maturation of agencies' information security programs," states the report. "The report to Congress on the implementation of the Federal Information Security Modernization Act of 2014 (FISMA) highlights government-wide programs and initiatives as well as agencies' progress to enhance Federal cybersecurity over the past year. This decline in incidents reported in no way indicates a reduction in the cybersecurity threat posed to the Federal Government." 

The Department of Homeland Security, along with the Cybersecurity and Infrastructure Security Agency, conducted 71 high-value asset assessments. This resulted in 448 findings underlying some potential security problems that look very much like those faced by the business sector. 

The most significant threat is spear-phishing, followed by patch management, admin password reuse, unsecure default configurations, and weak password policies. 

Broken into categories, the security incidents become much clearer. Violation of security policies by employees is the biggest issue, accounting for 12,507 security incidents. Emails and phishing follow, along with attacks executed from web-based applications, loss or theft of equipment, and others. 

The report also gives a few examples of major cybersecurity problems, including one from FEMA in which the personal details of 2.5 million hurricane survivors were compromised by mistake. 

There's no indication that it's a trend, but better implementation of security policies, hardware upgrades and more investments seem to have put a dent into the number of security incidents, even if it's just for one year.

Share This Post On

Author: Silviu Stahie

Silviu is a seasoned writer who followed the technology world for almost two decades, covering topics ranging from software to hardware and everything in between. He's passionate about security and the way it shapes the world, in all aspects of life. He's also a space geek, enjoying all the exciting new things the Universe has to offer.